This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
CORS happens after the HTTP layer has done things such as setting cookies for a resource and does not necessarily affect them (unless withCredentials is false).
Added a note to the network error steps: http://dvcs.w3.org/hg/cors/rev/1b13c2d13067